Meta

Category: Docker

What’s the problem?

You might read that using scratch is a bad idea for the data-only container pattern and maybe it’s true. Maybe you should use another copy of your base image to host the data. But doesn’t that break the concept of a data-onlycontainer? As a security-minded individual this strikes me as somewhat unusual to store applications with data if the point is to segregate the two. So I set out to prove that using a secure data container pattern is possible — in as few commands as possible.

Big warning

This method is a little unusual as it requires an “initialization phase” for the data container. Although understandable, it’s not perfect and may not scale well without further work.